Privacy Act of 1974
Overview
The Privacy Act of 1974 (5 U.S.C. §552a) governs the collection, use, and dissemination of a “record” about an “individual,” maintained by federal agencies in a “system of records.” The Act defines a record as "any item, collection, or grouping of information about an individual that is maintained by an agency and contains his or her name or another personal identifier." Id. §552a(a)(4). The term individual means "a citizen of the United States or an alien lawfully admitted for permanent residence." Id. §552a(2). An agency is defined as "any Executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the federal Government (including the Executive Office of the President), or any independent regulatory agency." 5 U.S.C. §552a(1) (incorporating 5 U.S.C. §552(f) (2000), which in turn incorporates 5 U.S.C. §551(1) (2000)). The Act defines system of records as "a group of records under the control of any agency from which information is retrieved by the name of the individual or by an individual identifier." Id. §552a(a)(5).
The Act does not apply to private sector databases. The Act regulates federal government agency recordkeeping and disclosure practices, and prohibits the disclosure of any record maintained in a system of records to any person or agency without the written consent of the record subject, unless the disclosure falls within one of twelve statutory exceptions. The Act allows most individuals to seek access to records about themselves, and requires that personal information in agency files be accurate, complete, relevant, and timely. Id. § 552a(e)(5). The subject of a record may challenge the accuracy of information.
The Privacy Act requires that when agencies establish or modify a system of records, they publish a “system-of-records notice” in the Federal Register. The Federal Register notice must identify, among other things, the type of data collected, the types of individuals about whom information is collected, the intended “routine” uses of data, and procedures that individuals can use to review and correct personal information. The term routine use means (with respect to the disclosure of a record) the use of such a record for a purpose that is compatible with the purpose for which it was collected. Id. § 552a(a)(7).
Each agency is required to establish “rules of conduct for persons involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record, and instruct each such person with respect to such rules and the requirements of Privacy Act. . . .” Id. §552a(e)(9). Each agency that maintains a system of records is also required to “establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.” Id. §552a(e)(10).
The Privacy Act also applies to systems of records created by government contractors. Subsection (m) of the Privacy Act states: "When an agency provides by a contract for the operation by or on behalf of the agency of a system of records to accomplish an agency function, the agency shall, consistent with its authority, cause the requirements of this section to be applied to such system. . . ." Id. §552(m).
The Privacy Act provides legal remedies that permit an individual to seek enforcement of the rights granted under the Act.
The individual may bring a civil suit against the agency. A civil action under the Act can only be filed against an "agency," not against an individual, a government official, an employee, or the United States. See, e.g., Connelly v. Comptroller of the Currency, 876 F.2d 1209, 1215 (5th Cir. 1989). The court may order the agency to amend the individual’s record, enjoin the agency from withholding the individual’s records, and may award actual damages of $1,000 or more to the individual for intentional or wilful violations.
Shortly after the breach of the personal data of 26.5 million veterans in 2006 by the Department of Veterans Affairs, veterans groups filed a class-action lawsuit claiming that the U.S. Department of Veterans Affairs “flagrantly disregarded the privacy rights of essentially every man or woman to have worn a United States military uniform.” The plaintiffs alleged violations of the Administrative Procedure Act and the Privacy Act. The lawsuit seeks declaratory and injunctive relief and damages of $1,000 for every person listed in the missing database files. Vietnam Veterans of America, Inc. v. Nicholson, No. 1:06-cv-01038-JR (D. D.C. filed June 6, 2006).
Courts may also assess attorneys’ fees and costs. The Act also contains criminal penalties; federal employees who fail to comply with the act’s provisions may be subjected to criminal penalties. 5 U.S.C. §552a(i). See Stone v. Defense Investigative Serv., 816 F. Supp. 782, 785 (D.D.C. 1993) ("Under the Privacy Act, this Court has jurisdiction over individually named defendants only for unauthorized disclosure in violation of 5 U.S.C. §552a(i).").
The Office of Management and Budget (OMB) is required to prescribe guidelines and regulations for the use by agencies in implementing the act, and provide assistance to and oversight of the implementation of the act. 5 U.S.C. §552a(v); 40 Fed. Reg. 28976 (July 9, 1975).
Legislative History
The entire legislative history of the Privacy Act of 1974 is contained in a convenient, one-volume compilation. See House Comm. on Gov't Operations and Senate Comm. on Gov't Operations, 94th Cong., 2d Sess., Legislative History of the Privacy Act of 1974 — S. 3418 (Public Law 93-579) Source Book on Privacy (1976) [hereinafter Source Book].
The Act was passed in great haste during the final week of the Ninety-Third Congress. No conference committee was convened to reconcile differences in the bills passed by the House and Senate. Instead, staffs of the respective committees — led by Senators Ervin and Percy, and Congressmen Moorhead and Erlenborn — prepared a final version of the bill that was ultimately enacted. The original reports are thus of limited utility in interpreting the final statute, while the more reliable legislative history consists of a brief analysis of the compromise amendments — entitled "Analysis of House and Senate Compromise Amendments to the Federal Privacy Act" — prepared by the staffs of the counterpart Senate and House committees and submitted in both the House and Senate in lieu of a conference report. See 120 Cong. Rec. 40,405-09, 40,881-83 (1974), reprinted in Source Book at 858-68, 987-94.